O'Reilly logo

Learning iOS Penetration Testing by Swaroop Yermalkar

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Insecure storage in keychain

Keychain is a secure location in an iOS where data is encrypted and tied to the device locking/unlocking. The keychain database is in an encrypted format and the encryption happens with a unique hardware-specific key. The hardware key that is used for the encryption is at a secure location and can't be extracted from the device. Keychain items are classified into five classes, as follows:

  • Generic passwords (kSecClassGenericPassword)
  • Internet passwords (kSecClassInternetPassword)
  • Certificates (kSecClassCertificate)
  • Keys (kSecClassKey)
  • Digital identities (kSecClassIdentity, identity=certificate + key).

Data protection mechanism has been implemented by iOS, in which the keychain having sensitive data is protected with another ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required